search: fix XSS vulnerability in search results The search feature did not correctly escape all arguments when displaying search matches and linking to the corresponding files. An attacker that can control the contents of a repository could thus cause a cross-site scripting (XSS) vulnerability. Fix the problem by removing the overall h.literal call that is only needed for the HTML entity &raquo; and splitting the link instead. We take the opportunity to improving the destination of the part before &raquo; which is the path to the repository. Instead of pointing to the search result, point to the repository itself. The part after &raquo; remains linked to the file containing the search match. Reported by Bob Hogg <wombat@rwhogg.site> (thanks!).

[egg_info]
tag_build =
tag_svn_revision = 0
tag_date = 0

[aliases]
test = pytest

[compile_catalog]
domain = kallithea
directory = kallithea/i18n
statistics = true

[extract_messages]
add_comments = TRANSLATORS:
output_file = kallithea/i18n/kallithea.pot
msgid-bugs-address = translations@kallithea-scm.org
copyright-holder = Various authors, licensing as GPLv3
no-wrap = true

[init_catalog]
domain = kallithea
input_file = kallithea/i18n/kallithea.pot
output_dir = kallithea/i18n

[update_catalog]
domain = kallithea
input_file = kallithea/i18n/kallithea.pot
output_dir = kallithea/i18n
previous = true

[build_sphinx]
source-dir = docs/
build-dir = docs/_build
all_files = 1

[upload_sphinx]
upload-dir = docs/_build/html